Reconfiguration Of Small Network

teamwhatever
Hi All,

Currently we have the following network setup:

3 Servers (2 Physical 1 Virtual)

2 Physical Servers:

ONE running 2008R2 (PDC) and being the AD DS, RDP server and DNS server AND the Hyper V host
TWO running 2012R2 being a DC and also storing backups of 2008R2 server state.
VIRTU running 2008R2 and being hosted on server ONE. Users all RDP to this server and it provides word, excel etc and our own software that runs in IIS.

We're having problems with the VM crashing a lot. Things have settled as we have gone through resolving DNS and other issues but we have been advised to upgrade to 2012R2.

So before agreeing on a way forward, I'd really appreciate some input on the best set up.

The idea is:

Upgrade server ONE to 2012R2 and then create a VM of it (call it VMONE).
Remove all roles on ONE except RDS and Hyper V
Install VMONE on ONE as the PDC with AD DS, DNS etc.

Happy to add additional physical servers if required. The physical server ONE is a dual CPU, 36GB RAM server. Server TWO is a single CPU 8GB RAM server that has very little load other than backup services and DC role.

Any suggestions gratefully received.
Distinguished Expert 2018
Commented:
Honestly?  You've got a mess.  Hyper-V should never coexist with other roles, so having a DC also running Hyper-V is already a huge problem. It will also throw a huge wrinkle in any upgrade plans you make and no upgrade will be simple.   Furthermore, RDS in 2012 is not a trivial undertaking and should also stand alone and not be with other roles.  And in most cases, you want to break out the RDSH role from the other RDS roles if users are logging into full sessions instead of using RemoteApp.  Or you'll quickly find that users manage to break the RDCB or RDLicensing "unintentionally."

Based on your current situation, you really need to look at migrating away from server one either to temp servers or similar, and rebuilding each role and each VM one at a time.  It won't be a simple plan, and so I can't get more specific as I don't know the skills you have at your disposal or the resources. But it is a fairly intensive project and far more complex than the outline you are thinking about if you want a stable and supported network infrastructure.
Lee W, MVP
Technology and Business Process Advisor
Most Valuable Expert 2013
Commented:
I agree with Cliff.  What you describe is something that someone who doesn't really have the appropriate experience would have done and even what you're considering suggests that this is not your area of expertise.  In short:
Hyper-V hosts need to be Hyper-V hosts and NOTHING ELSE.
RDS Servers need to be RDS Servers and NOTHING ELSE.

Frankly, I don't think hardware is your issue - it's purely how everything was set up and installed.  I would strongly suggest, given the mess you currently have, that you hire a pro who knows what they are doing to get you over this mess... then you can manage it.  We can guide you on helping to ensure you hire a qualified person and then help you in day-to-day tasks, but the way I understand your environment, it's like you're a nurse trying to perform heart surgery... you either need a lot more experience/learning or to get a doctor in to do the surgery.
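The role-separation rule stated in the two comments above (Hyper-V alone, RD Session Host alone and apart from the other RDS roles) can be checked per server with a short PowerShell audit. This is an added example, not part of the original thread; the names are the standard `Get-WindowsFeature` feature names, and the choice of which roles to track is this example's assumption.

```powershell
# Added example: flags role co-location on the local server.
# Run in an elevated PowerShell session on each server in turn.
# Written for PowerShell 2.0 so it also runs on 2008 R2.
Import-Module ServerManager

# Roles the thread says should stand alone (Get-WindowsFeature names).
$exclusive = @{
    'Hyper-V'       = 'Hyper-V host'
    'RDS-RD-Server' = 'RD Session Host'
}
# Other roles tracked here (this grouping is the example's assumption).
$other = @{
    'AD-Domain-Services'    = 'AD DS (domain controller)'
    'DNS'                   = 'DNS Server'
    'Web-Server'            = 'IIS'
    'RDS-Connection-Broker' = 'RD Connection Broker'
    'RDS-Licensing'         = 'RD Licensing'
}

function Get-RoleConflict {
    param([string[]]$InstalledNames)
    # Every tracked role that is actually installed on this server.
    $tracked = @($exclusive.Keys) + @($other.Keys)
    $present = @($tracked | Where-Object { $InstalledNames -contains $_ })
    foreach ($role in @($exclusive.Keys)) {
        if ($InstalledNames -contains $role) {
            # Anything else tracked on the same box breaks the rule.
            $extra = @($present | Where-Object { $_ -ne $role })
            if ($extra.Count -gt 0) {
                New-Object PSObject -Property @{
                    Server     = $env:COMPUTERNAME
                    Role       = $exclusive[$role]
                    SharedWith = ($extra -join ', ')
                }
            }
        }
    }
}

$installed = @(Get-WindowsFeature | Where-Object { $_.Installed } |
    Select-Object -ExpandProperty Name)
$conflicts = @(Get-RoleConflict -InstalledNames $installed)

if ($conflicts.Count -eq 0) {
    'No tracked role shares this server with Hyper-V or RD Session Host.'
} else {
    $conflicts | Format-Table Server, Role, SharedWith -AutoSize
}
```

An empty result on every server is the target state; a row for Hyper-V listing `AD-Domain-Services` is the situation the comments above describe on server ONE.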
Leroy Luff
Head of IT & Digital

Commented:
I would do the following:

Migrate all roles except Hyper-V to virtual servers on the 2012 (you would need to install Hyper-V), taking best practices as seen above into account. Ideally I always try to separate major roles each to their own VM. The advantages Hyper-V 2012 has over 2008 are big - go read up on it.

I would then upgrade the 2008 to 2012 and install Hyper-V.

Lastly I would set up failover clustering on both 2012 servers so that the virtual servers have redundancy between the servers.

Lastly you can divide all your VMs between the 2 servers to best utilize hardware.

Author

Commented:
Thanks for all the suggestions. You're right, this isn't my area of expertise. But after the mess the IT guys we trusted this to caused, I'm using Experts Exchange as a way to identify the best way forward, so at least I can tell when I'm speaking to someone who knows what they ARE doing!

Our biggest problem is that the server is in (almost) constant use, and we only have a small window (5 hours) in which to take it offline.

I should also mention that the network is only 5 users all remote desktop (using zero clients), not sure whether that makes any difference?
Distinguished Expert 2018

Commented:
None.
Lee W, MVP
Technology and Business Process Advisor
Most Valuable Expert 2013
Commented:
Zero clients?  So you have Multipoint?

I don't know who you hired before or what their credentials were... or if they came recommended... but there are a lot of bad guys out there and a lot of good guys.  Strictly speaking, you might want to look for a "managed services" provider - they charge a flat monthly fee to maintain the network - as such it's in your best interest AND THEIRS to ensure your network has the fewest problems possible - the more issues it has, the more time they have to spend repairing and with a fixed rate, that means no difference in their income from you if they spend 30 hours or 3...

Call some folks in to give you proposals - then ask us if the proposals make sense.  You can't have unrealistic expectations and they should be setting your expectations appropriately.

Author

Commented:
No we don't have multipoint. We have HP Zero clients which connect to the server via RDP.

I'm searching for managed options as I type... will update this thread.

Thanks

Author

Commented:
In terms of licensing costs, so that I can budget our requirements, what versions of Windows Server 2012R2 would be suitable for each role?

So for example, we already have one machine with 2012R2 Essentials that acts as physical DC and one copy (license) of 2012R2 Standard with 5 CALs that is yet to be installed on any server (and gives, I believe, 2 VMs).

Would Essentials be sufficient for a separate RDS server role? Thanks in advance
